WASHINGTON (AP) — The Federal Trade Commission is accusing a small Atlanta-based medical lab that specializes in cancer detection of not doing enough to protect its patients’ online records.

The federal regulators filed a formal complaint Thursday against LabMD alleging that the company’s lax security controls led to a billing sheet being leaked to a public file-sharing network. The billing sheet contained the personal data on more than 9,000 consumers. The FTC says California police later discovered that identity thieves had acquired personal data from at least 500 LabMD consumers.

Reached by phone on Thursday, LabMD founder Michael Daugherty said he objects to the allegations and plans to release a full statement soon. He claims on his personal website that the document was stolen by a cybersecurity firm trying to sell LabMD services.